Kubernetes day 2 Operations

Installing and Using Kubernetes is hard, but Operating Kubernetes is even harder! This BOF is for Kubernetes Operators to get together and discuss our day to day Operations, and for people new to Kubernetes to learn more about how to operate it.

10.
“In general, taking something that’s already working somewhere and expanding its usage (capabilities) is far more likely to succeed than building these capabilities from scratch”

11.
● Patches: Patching App and System components as CVEs occur
● Scaling: Seamlessly scale platform components to accommodate changing demand.
● Upgrades: How do you roll out new versions of the platform with the lights on?
● Operating Effort: Operating the platform should require very few resources and minimum manual intervention. Otherwise, you will be spending lots on operational support!
● Development: The team can make progress in developing new features for the platform
● CI/CD: CI/CD pipelines drive the testing and promotion of artifacts
● Consistency: Provide a consistent setup experience, across different environment configurations.
● Setup time: How long does it take to setup a real world working environment? Think hours, not weeks.
Day 1 - Build | Day 2 - Operate & Enhance

27.
[Flowchart: How to Get a Kubernetes. Questions: Are you in the “cloud”? Which cloud? A laptop? Do you want help? Outcomes: AKS (Azure), GKE (Google), EKS (Amazon), Other, minikube, Pivotal Container Service, …, https://kubernetes.io/partners, GLHF]

30.
Kubespray
https://github.com/kubernetes-incubator/kubespray
● Ansible based, so very approachable
● An official Kubernetes (incubator) project
● Good support for CNIs and Cloud Providers
● Combine with one of the Ansible Hardening projects
○ https://github.com/dev-sec/ansible-os-hardening
○ https://github.com/openstack/ansible-hardening

31.
gitops
● Deployed Platform == code repo + environment repo
○ Ansible - Playbook + Inventory
○ Bosh - Release + Manifest
● Keep it all in git!
○ Fork upstream repo… if only to ensure it doesn’t get changed from under you
○ Inventory/Manifest is probably YAML … perfect to be stored in git.
○ One repo for all envs, or a repo per env … either is fine.
● Consider using a gitops focussed wrapper around ansible
○ Ursula-cli (https://github.com/blueboxgroup/ursula-cli)
○ Gosible (https://github.com/paulczar/gosible)
○ Molecule (https://github.com/metacloud/molecule)
● Use Jenkins or similar to run tests, deploy test envs, push to prod???
○ But probably not full on Continuous Delivery … risks are very high!

43.
Monitoring / Logging - The Platform
Server Agents
● Install as binaries / containers on the underlying OS
● No chicken and egg problems
● Extra devops toil (config management etc)
● Direct access to system metrics and logs
● Can use existing tools / processes
Daemonsets
● Run in Kubernetes on each node as daemonset
● If Kubernetes is broken, will the monitoring daemonset be broken?
● Have to be able to dockerize the agent
● Privileged containers / host volumes to access system metrics and logs
● Masters also have to be workers or can’t run daemonset on them.
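
An added example, not from the original slides: a log-agent DaemonSet that uses a read-only host volume instead of a privileged container, and tolerations so it can also run on tainted masters. The image, names and namespace are placeholders, and it assumes the agent only tails files under /var/log and does not call the Kubernetes API.

```yaml
# Constructed example: image, names and namespace are placeholders.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: log-agent
  namespace: monitoring
spec:
  selector:
    matchLabels:
      app: log-agent
  template:
    metadata:
      labels:
        app: log-agent
    spec:
      # Allow scheduling onto tainted master / control-plane nodes.
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
      # Assumption: the agent never talks to the API server.
      automountServiceAccountToken: false
      containers:
        - name: agent
          image: registry.example.com/log-agent:1.0  # hypothetical image
          securityContext:
            privileged: false              # host volume only, no privileged mode
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 0                   # assumption: host log files are root-owned
            capabilities:
              drop: ["ALL"]
          resources:
            limits:
              cpu: 200m
              memory: 256Mi
          volumeMounts:
            - name: varlog
              mountPath: /host/var/log
              readOnly: true               # agent can read host logs, not alter them
      volumes:
        - name: varlog
          hostPath:
            path: /var/log
            type: Directory
```

An agent that needs host-level metrics beyond log files may require further host mounts or capabilities; grant each one individually rather than switching to `privileged: true`.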

49.
1. Identify 5-10 apps confirmed as suitable to run on PKS
2. Work on a short project to push a few apps all the way to prod and measure the ROI metrics
Sample Tool Chain: Gitlab, Concourse